If you’re ever faced with a situation of handing over your iPhone to law enforcement, whether the police, feds, or court system, there are things you can do to prevent them from getting access to all that potentially self-incriminating data.
We’ve mentioned multiple times before that Face ID and Touch ID aren’t your friends when it comes to law enforcement, and that’s even more clear now with a search warrant that was recently made public pertaining to the investigation by federal authorities into possible Russian interference in the 2016 presidential election.
The search warrant gave access to the premises and electronic devices (specifically, two iPhone models) of Michael Cohen, President Trump’s former lawyer, to uncover evidence of bank fraud and hush money payments.
Detailed in the search warrant (start at page 77), it outlines the process of gaining access to Cohen’s two iPhone devices, both apparently locked using Face ID or Touch ID. The highlight of the document is when advice is given to use Cohen’s face or fingerprint to unlock the devices. While it’s totally acceptable for authorities to do so, it’s not as easy for them to force you to use your passcode.
In other cases, it’s been discovered that the law can’t make you enter or give your passcode, PIN, or password because it would violate your Fifth Amendment right against self-incrimination. While that refers to information you know, your face and fingerprints are something you have and aren’t considered self-incriminating.
As such, the easiest way to prevent law enforcement officials from gaining access to the data on your iPhone is to disable Face ID or Touch ID before they get their hands on it. However, that’s not the only thing you could or should do. If you’re ever in such a situation, be prepared by following some of the advice below.
Tip 1: Disable Biometrics in a Split Second
While it’s very unlikely that any of you will want to disable Face ID or Touch ID completely on your iPhone, the next best thing is knowing how to disable those biometric features without having to tap on your screen at all. This is very important when dealing with police stops where your Fourth Amendment right against illegal search and seizure without a warrant may be violated.
Starting in iOS 11, Apple included a security feature as part of Emergency SOS that lets you disable biometric authentication temporarily when you press the right physical buttons together. On an iPhone 8 or newer, those buttons would be the Side and either Volume button. On an iPhone 7 and older, you’d need to click the Side button five times in a row. After doing so, you will need to input your passcode or password in to enable biometric security again.
Tip 2: Enable Protection Against USB Devices
If you’ve blocked law enforcement agents from using your biometrics against you, the next thing you have to worry about is them using special hacking tools to brute-force your passcode or password. Tools such as GrayKey and Cellebrite are well known for being able to do this, and they require a connection to the Lightning port on the iPhone.
Starting in iOS 11.4.1, Apple has included a setting that will prevent any data transmission from the Lightning port of your iPhone except when you authorize it. The setting, simply called “USB Accessories,” is found in the settings for Face ID, Touch ID, and the passcode. While most features you have to toggle on to activate, this one needs to be disabled for it to work, since you want to deny access to USB accessories when locked.
With this setting, your iPhone will automatically block all USB accessories after one hour of being locked. The only way to resume access is to use Face ID, Touch ID, or your passcode or password. And if you followed Tip 1 above, the passcode or password will be the only thing accepted.
Tip 3: Use Find My iPhone to Block Access
The final thing you could do is use Find My iPhone. Anyone who cares about losing an expensive device or giving up personal information should have this enabled already. For some reason, if you don’t already, make sure to enable it.
If law enforcement does get its hands on your iPhone and you’re not sure if the previous two tips were successful, you can put your iPhone in “ Lost Mode,” which prevents your iPhone from being accessed without your passcode or password.
If you never expect to get your iPhone back, you could also use Find My iPhone to remotely erase your device. A device with zero information on it is essentially useless to authorities. And if you’re wiping your iPhone because it has incriminating information on it, you’ll want to delete all backups you have on iCloud and iTunes as well.
In order for either of these to work, however, your iPhone will need to be connected to the internet. If it’s currently not connected, the next time it connects, “Lost Mode” or “Erase iPhone” will activate either locking or wiping the device. Law enforcement authorities are well aware of this trick, as indicated in the Cohen search warrant, and they’ll do anything they can to prevent an internet connection until they figure out how to get the information off the device.
Tip 4: Block Alerts on Your Lock Screen
If you don’t wipe it or put it in “Lost Mode,” your device will still work as always, meaning notifications will show up on your lock screen if that’s how it’s set up. Luckily, there is a way to prevent any notification from being read on the lock screen without the use of Face ID, Touch ID, or a passcode or password. If you followed Tip 1, you only have to worry about people using your passcode or password to unlock the contents behind notifications.
Tip 5: Block Widgets on Your Lock Screen
Going even further than just notifications, you may want to consider removing access to widgets on the lock screen, because frequent contacts, calendar events, and other information will still be visible without an unlocking.
You don’t have to disable them entirely, but you should at least set it so that widgets are only viewable when the device is unlocked. For example, if you have an iPhone X or newer, you can use Face ID to unlock your device while remaining on the lock screen, free to view widgets.
Tip 6: Use a Stronger Passcode (Or Password)
A continuing theme in this roundup is making it so that law enforcement agencies can only use your passcode or password to unlock the device, something they can’t compel you to give up. But if you didn’t use Tip 2 above, you’ll at least want a stronger passcode. Better yet, use an alphanumeric password instead.
There are only one million possible combinations for a six-digit numeric passcode, the default option for iOS, which is much faster to crack than a longer code. While a six-digit numeric passcode could take mere hours to crack, an eight-digit one could take months with 100 million possibilities, and a 10-digit one would take years at 10 billion possible combinations.
In the passcode settings, you can even go above 10-digit numeric passcodes, with as many numbers as you can remember. Even better, you can use an alphanumeric password instead that can use letters (uppercase and lowercase), numbers, and special characters. Plus, you can make it as long and secure as you want.